A natural language processing AI agency signed a contract with a financial services company to build a document analysis system. The contract was based on the agency's standard software development agreement with minimal AI-specific provisions. When the model's accuracy on certain document types fell below the client's expectations, the dispute quickly escalated. The client argued that the agency had guaranteed 95 percent accuracy across all document types—a claim based on a performance metric mentioned in a sales presentation. The agency argued that model accuracy was inherently variable and that the contract did not include specific accuracy guarantees. The contract was silent on model performance standards, acceptance criteria for AI systems, responsibility for model monitoring, liability for model-based decisions, and what "delivery" meant for an AI system. The dispute consumed four months and 120,000 dollars in legal fees before settling. Both parties agreed the underlying problem was a contract that was not designed for AI.
AI contracts must address risks and responsibilities that traditional software contracts do not contemplate. Models produce probabilistic outputs, not deterministic ones. Performance can degrade over time. Training data creates unique intellectual property and liability questions. The boundary between the agency's work and the client's decisions is more complex than in traditional software. This framework helps you build AI contracts that address these realities.
Why AI Contracts Are Different
Probabilistic Outputs
Software produces deterministic outputs—given the same input, it produces the same output every time. AI models produce probabilistic outputs—accuracy is measured in percentages, not binary pass/fail. Contracts must define acceptable performance ranges rather than exact outputs.
Performance Degradation
Software does not degrade over time (assuming no environmental changes). AI models can degrade as data distributions shift, as the world changes, and as the relationship between inputs and outputs evolves. Contracts must address ongoing performance monitoring, maintenance, and refresh.
Data Dependencies
AI systems are deeply dependent on data—training data, input data, and reference data. Data quality, availability, and representativeness directly affect system performance. Contracts must allocate responsibility for data quality and address what happens when data issues affect performance.
Shared Decision-Making
AI systems often augment human decision-making rather than replacing it. The line between the AI system's contribution and the human's decision can be blurry. Contracts must define where the AI system's responsibility ends and the human's responsibility begins.
Evolving Regulatory Landscape
AI regulations are expanding rapidly. A contract signed today must anticipate regulatory requirements that may emerge during the contract term. Contracts should include mechanisms for adapting to regulatory changes.
Core Contract Provisions for AI Engagements
Scope and Deliverables
Define the scope precisely, including:
System description. What the AI system does, what decisions it supports, what data it uses, and what outputs it produces. Be specific enough to prevent scope disputes but flexible enough to accommodate the iterative nature of AI development.
Performance specifications. Quantitative performance metrics that define acceptable system behavior. Include the specific metrics (accuracy, precision, recall, F1, latency), the measurement methodology, the test data or conditions, and the minimum acceptable values. Specify whether performance targets apply at deployment, throughout the contract term, or both.
Acceptance criteria. The specific criteria that must be met for the client to accept delivery. For AI systems, acceptance criteria should address model performance on agreed-upon test data, bias testing results within agreed-upon thresholds, documentation completeness, security requirements, and regulatory compliance.
Deliverable format. Specify what is delivered—model code, trained model artifacts, documentation, APIs, deployed services, or a combination. Define the format, the delivery mechanism, and the handoff process.
Data Provisions
Client data responsibilities. Define the client's obligations regarding data quality, completeness, timeliness, and legal compliance. The client should warrant that they have the right to share the data and that the data can be used for the intended purpose.
Agency data handling obligations. Define how the agency will handle client data including storage, access control, processing, retention, and deletion. Reference your data protection policies and any applicable regulations.
Training data ownership and use. Address who owns the training data, who can use it, and what restrictions apply. Can the agency use the client's data to improve its general capabilities? Can the agency use the trained model for other clients? These are critical questions that must be answered in the contract.
Data return and deletion. Upon contract termination, specify the process for returning client data and confirming its deletion. Include timelines and verification procedures.
Intellectual Property
Model ownership. Specify who owns the trained model. Common arrangements include client ownership of the model trained on client data, agency ownership of the model with a license to the client, joint ownership with defined rights, and agency ownership of the methodology with client ownership of the trained instance.
Pre-existing IP. Define each party's pre-existing IP and confirm that it remains the property of the originating party. The agency's frameworks, tools, and methodologies should be protected.
Developed IP. Define who owns IP developed during the engagement. This includes novel algorithms, new techniques, and improvements to existing tools.
Open-source components. Disclose any open-source components used in the system and ensure their licenses are compatible with the client's intended use.
Performance and Service Levels
Performance monitoring. Define who monitors model performance, how it is measured, how often it is measured, and what happens when performance degrades.
Service level agreements. For hosted AI services, define availability targets, latency targets, support response times, and remedies for SLA breaches.
Model maintenance. Define the responsibilities and procedures for model maintenance including monitoring, retraining, and updating. Specify who is responsible, how maintenance is triggered, and who bears the cost.
Performance disclaimers. Include appropriate disclaimers about the probabilistic nature of AI outputs. The client should understand that AI models do not guarantee perfect accuracy and that performance may vary across different populations and conditions.
Liability and Indemnification
Liability allocation. Define how liability is allocated between the agency and the client. Key questions include who is liable when the model makes an incorrect prediction that causes harm, who is liable when model performance degrades, who is liable when the model produces biased outcomes, and who is liable for regulatory non-compliance.
Limitation of liability. Define liability caps. Standard software contract liability caps may not be appropriate for AI systems where a single model error could cause significant downstream damage. Consider the risk profile of the specific use case.
Indemnification. Define indemnification obligations. The agency may indemnify the client against claims arising from the agency's negligence, IP infringement, or failure to comply with agreed-upon standards. The client may indemnify the agency against claims arising from the client's use of the system beyond its intended scope.
Insurance requirements. Specify minimum insurance coverage including professional liability, cyber liability, and general liability.
Regulatory Compliance
Compliance responsibilities. Define which party is responsible for compliance with which regulations. Typically, the agency is responsible for complying with regulations that apply to AI development and operation, while the client is responsible for complying with regulations that apply to the business use of the AI system.
Regulatory change. Include provisions for how regulatory changes are handled during the contract term. If new regulations require changes to the AI system, who bears the cost? How quickly must changes be implemented?
Audit cooperation. Include provisions for the agency to cooperate with regulatory audits and compliance assessments.
Compliance representations. Include appropriate representations about current compliance status without overpromising future compliance.
Governance Provisions
Governance standards. Reference the governance standards that will apply to the engagement—your agency's AI governance framework, applicable industry standards, and any client-specific requirements.
Reporting. Define governance reporting requirements including frequency, format, and content. Clients may require periodic reports on model performance, fairness metrics, incident summaries, and compliance status.
Audit rights. Grant the client the right to audit your governance practices, either directly or through a third-party auditor. Define the scope, frequency, and cost allocation for audits.
Incident notification. Define the procedures and timelines for notifying the client of governance incidents, including model failures, bias discoveries, data breaches, and regulatory issues.
Human Oversight and Decision Authority
System role. Clearly define the AI system's role in the decision-making process. Is it making decisions autonomously? Providing recommendations to human decision-makers? Flagging exceptions for human review?
Human oversight. Define the human oversight mechanisms and who is responsible for implementing them. If the system is designed for human-in-the-loop operation, specify the qualifications and responsibilities of the human operators.
Decision authority. Specify who has authority to make final decisions. For high-stakes applications, the contract should be clear that the AI system provides information and recommendations, but humans retain decision authority.
Override capability. Ensure the contract includes provisions for human override of AI system outputs when necessary.
Termination and Transition
Termination triggers. Define events that trigger termination rights, including material performance failure, regulatory non-compliance, governance failures, data breaches, and changes in business circumstances.
Transition support. Upon termination, define the agency's obligations for transition support including knowledge transfer, documentation, data migration, and temporary continued operation.
Model and data handling. Upon termination, specify what happens to the trained model, the training data, and any other artifacts. Define who retains what and what must be returned or destroyed.
Wind-down period. Define a reasonable wind-down period that allows for orderly transition without disruption to the client's operations.
Contract Negotiation Best Practices
Start the Governance Conversation Early
Do not save governance provisions for the contract negotiation. Discuss governance expectations during the sales process. Clients who understand your governance practices early are more likely to accept your contract provisions without protracted negotiation.
Use a Standard Template
Develop a standard AI contract template that includes all the provisions outlined in this framework. Starting from a well-structured template is more efficient than negotiating from scratch each time.
Involve Legal Counsel
AI contracts involve complex legal issues that require legal expertise. Involve counsel with AI and technology law experience in contract development and negotiation.
Document Understanding
When performance expectations are discussed during sales, document them and carry them into the contract. Misaligned expectations are the most common source of contract disputes.
Be Realistic About Performance
Do not promise what AI cannot deliver. Clients respect honest assessments of model limitations more than they appreciate optimistic projections that later prove unrealistic.
Contract Governance for Different Engagement Models
Fixed-Scope Development Contracts
For fixed-scope AI development projects, governance provisions should focus on clear deliverable definitions, acceptance criteria with measurable metrics, milestone-based delivery with governance checkpoints at each milestone, warranty periods that define the agency's post-delivery obligations, and intellectual property assignment or licensing upon delivery.
Time and Materials Contracts
For time and materials engagements, governance provisions should focus on scope boundaries and change management procedures, regular governance reporting and review cadences, defined quality standards and testing requirements, clear roles for client approval of significant decisions, and termination provisions with reasonable notice periods.
Managed Service Contracts
For ongoing managed AI services, governance provisions should focus on service level agreements with specific metrics and remedies, ongoing monitoring and reporting obligations, model maintenance and refresh procedures and responsibilities, incident response commitments including response times and communication procedures, and regular governance reviews (quarterly at minimum).
Multi-Client Platform Contracts
For AI platforms that serve multiple clients, governance provisions should focus on data isolation between clients, platform-wide vs. client-specific governance controls, notification procedures for platform changes that affect all clients, shared vs. dedicated infrastructure governance, and transparent capacity management and performance allocation.
Intellectual Property Complexities in AI
The Model Training IP Question
One of the most complex IP questions in AI is who owns a model trained on one party's data using another party's methodology and infrastructure. Address this question explicitly in every contract:
Agency methodology IP. The agency's algorithms, frameworks, and development tools should remain agency property. These represent the agency's core competence and should not be transferred to clients.
Client data-trained model IP. A model trained specifically on client data often belongs to the client because the model's value is derived from the client's data. However, the agency may retain a license to use the model architecture (without the client-specific weights).
Transfer learning IP. When a foundation model is fine-tuned on client data, IP allocation is complex. Typically, the foundation model remains the property of its original provider, the fine-tuned weights belong to the client, and the fine-tuning methodology belongs to the agency.
Document these allocations clearly. Ambiguity in IP ownership creates disputes that are expensive to resolve.
Your Next Step
This week: Review your current AI contract template (or standard software contract template if you do not have an AI-specific one). Identify which of the provisions outlined in this framework are missing. Prioritize the gaps based on the risk they represent.
This month: Develop or update your AI contract template to include the core provisions for scope, data, IP, performance, liability, compliance, governance, and termination. Engage legal counsel to review the template and ensure it is legally sound.
This quarter: Use the updated template for all new AI engagements. Review existing contracts for significant gaps and negotiate amendments where needed. Train your sales and delivery teams on the contract provisions and how to discuss them with clients. Track contract-related disputes and use them to improve the template.